为 OCI 上的通用 Windows 服务器实例生成密码
Generating a password for a generalized Windows Server instance on OCI
据我了解,Oracle 默认 Windows 服务器映像利用 Cloudbase-Init 和 Unattend.xml 文件为用户生成密码,但我很好奇其中的细节,因为我正在尝试创建我自己的图像,并预装了额外的软件。我想生成一个随机密码,并且明确地不要求用户更改它。话虽如此,这是我尝试过的(我只包含了 Unattend.xml 文件的概括部分):
尝试 #1
对于我的第一次尝试,我尽我所能模仿我能(据我所知)告诉默认图像正在做什么。这与使用 Oracle 的默认 Windows 2019 标准映像从通用实例中提取的无人值守和 cloubase 配置文件相同。使用这些后,系统会提示用户在登录时更改密码。
Unattend.xml
<settings pass="generalize">
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>cmd.exe /c ""c:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Scripts\cloudbase-init.exe" --config-file "c:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init-unattend.conf" && exit 1 || exit 2"</Path>
<Description>Run Cloudbase-Init to set the hostname</Description>
<WillReboot>OnRequest</WillReboot>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
cloudbase-init-unattend.conf
[DEFAULT]
username=opc
groups=Administrators
bsdtar_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\bsdtar.exe
mtools_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\
verbose=true
debug=true
logdir=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\log\
logfile=cloudbase-init-unattend.log
default_log_levels=comtypes=INFO,suds=INFO,iso8601=WARN,requests=WARN
logging_serial_port_settings=COM1,9600,N,8
local_scripts_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts\
metadata_services=cloudbaseinit.metadata.services.httpservice.HttpService
plugins=cloudbaseinit.plugins.windows.winrmlistener.ConfigWinRMListenerPlugin,cloudbaseinit.plugins.common.userdata.UserDataPlugin
allow_reboot=false
stop_service_on_exit=false
check_latest_version=false
尝试#2
第二次尝试时,我尝试向 Unattend 文件添加一条命令,该命令不会提示用户更改密码。我使用了与尝试 #1 相同的 cloubase 配置文件。泛化后,系统仍提示用户选择新密码。
Unattend.xml
<settings pass="generalize">
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>cmd.exe /c "net user opc /logonpasswordchg:no && exit 1 || exit 2</Path>
<Description>Ensure the opc user does not have to reset their password</Description>
<WillReboot>Never</WillReboot>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>cmd.exe /c ""c:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Scripts\cloudbase-init.exe" --config-file "c:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init-unattend.conf" && exit 1 || exit 2"</Path>
<Description>Run Cloudbase-Init to set the hostname</Description>
<WillReboot>OnRequest</WillReboot>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
尝试 #3
对于我的第三次尝试,我更改了 Unattend 文件中的命令顺序,以告知网络用户在处理 cloudbase init 配置后不要在登录时更改密码。我再次使用与尝试 #1 和 #2 相同的 cloubase 配置文件。泛化后,系统仍提示用户选择新密码。
Unattend.xml
<settings pass="generalize">
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>cmd.exe /c ""c:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Scripts\cloudbase-init.exe" --config-file "c:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init-unattend.conf" && exit 1 || exit 2"</Path>
<Description>Run Cloudbase-Init to set the hostname</Description>
<WillReboot>OnRequest</WillReboot>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>cmd.exe /c "net user opc /logonpasswordchg:no && exit 1 || exit 2</Path>
<Description>Ensure the opc user does not have to reset their password</Description>
<WillReboot>Never</WillReboot>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
None 这些方法产生了我正在寻找的东西。我还尝试使用 Cloudbase-Init 中的插件来生成密码,但似乎 Oracle Cloud Agent 覆盖了这一点,因为我完全无法通过 RDP 登录,而如果不使用 Cloudbase 插件我可以登录但无法登录在设置新密码之前访问桌面。
这引出了一个问题:什么在这里不起作用?这是配置问题,还是我从根本上误解了这个过程的工作原理?
我将不胜感激任何人可能提出的任何建议,或其他人创建的示例实现。谢谢!
虽然我无法让 Unattend.xml 文件自动 运行 我的命令,但事实证明最简单的解决方案是使用 Cloudbase-Init 用户数据来提供我的命令。最终的用户数据脚本最终看起来像这样:
rem cmd
net user opc /logonpasswordchg:no
我希望这对以后发现这个问题的人有所帮助。
据我了解,Oracle 默认 Windows 服务器映像利用 Cloudbase-Init 和 Unattend.xml 文件为用户生成密码,但我很好奇其中的细节,因为我正在尝试创建我自己的图像,并预装了额外的软件。我想生成一个随机密码,并且明确地不要求用户更改它。话虽如此,这是我尝试过的(我只包含了 Unattend.xml 文件的概括部分):
尝试 #1
对于我的第一次尝试,我尽我所能模仿我能(据我所知)告诉默认图像正在做什么。这与使用 Oracle 的默认 Windows 2019 标准映像从通用实例中提取的无人值守和 cloubase 配置文件相同。使用这些后,系统会提示用户在登录时更改密码。
Unattend.xml
<settings pass="generalize">
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>cmd.exe /c ""c:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Scripts\cloudbase-init.exe" --config-file "c:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init-unattend.conf" && exit 1 || exit 2"</Path>
<Description>Run Cloudbase-Init to set the hostname</Description>
<WillReboot>OnRequest</WillReboot>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
cloudbase-init-unattend.conf
[DEFAULT]
username=opc
groups=Administrators
bsdtar_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\bsdtar.exe
mtools_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\
verbose=true
debug=true
logdir=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\log\
logfile=cloudbase-init-unattend.log
default_log_levels=comtypes=INFO,suds=INFO,iso8601=WARN,requests=WARN
logging_serial_port_settings=COM1,9600,N,8
local_scripts_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts\
metadata_services=cloudbaseinit.metadata.services.httpservice.HttpService
plugins=cloudbaseinit.plugins.windows.winrmlistener.ConfigWinRMListenerPlugin,cloudbaseinit.plugins.common.userdata.UserDataPlugin
allow_reboot=false
stop_service_on_exit=false
check_latest_version=false
尝试#2
第二次尝试时,我尝试向 Unattend 文件添加一条命令,该命令不会提示用户更改密码。我使用了与尝试 #1 相同的 cloubase 配置文件。泛化后,系统仍提示用户选择新密码。
Unattend.xml
<settings pass="generalize">
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>cmd.exe /c "net user opc /logonpasswordchg:no && exit 1 || exit 2</Path>
<Description>Ensure the opc user does not have to reset their password</Description>
<WillReboot>Never</WillReboot>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>cmd.exe /c ""c:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Scripts\cloudbase-init.exe" --config-file "c:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init-unattend.conf" && exit 1 || exit 2"</Path>
<Description>Run Cloudbase-Init to set the hostname</Description>
<WillReboot>OnRequest</WillReboot>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
尝试 #3
对于我的第三次尝试,我更改了 Unattend 文件中的命令顺序,以告知网络用户在处理 cloudbase init 配置后不要在登录时更改密码。我再次使用与尝试 #1 和 #2 相同的 cloubase 配置文件。泛化后,系统仍提示用户选择新密码。
Unattend.xml
<settings pass="generalize">
<component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
</component>
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
<RunSynchronousCommand wcm:action="add">
<Order>1</Order>
<Path>cmd.exe /c ""c:\Program Files\Cloudbase Solutions\Cloudbase-Init\Python\Scripts\cloudbase-init.exe" --config-file "c:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init-unattend.conf" && exit 1 || exit 2"</Path>
<Description>Run Cloudbase-Init to set the hostname</Description>
<WillReboot>OnRequest</WillReboot>
</RunSynchronousCommand>
<RunSynchronousCommand wcm:action="add">
<Order>2</Order>
<Path>cmd.exe /c "net user opc /logonpasswordchg:no && exit 1 || exit 2</Path>
<Description>Ensure the opc user does not have to reset their password</Description>
<WillReboot>Never</WillReboot>
</RunSynchronousCommand>
</RunSynchronous>
</component>
</settings>
None 这些方法产生了我正在寻找的东西。我还尝试使用 Cloudbase-Init 中的插件来生成密码,但似乎 Oracle Cloud Agent 覆盖了这一点,因为我完全无法通过 RDP 登录,而如果不使用 Cloudbase 插件我可以登录但无法登录在设置新密码之前访问桌面。
这引出了一个问题:什么在这里不起作用?这是配置问题,还是我从根本上误解了这个过程的工作原理?
我将不胜感激任何人可能提出的任何建议,或其他人创建的示例实现。谢谢!
虽然我无法让 Unattend.xml 文件自动 运行 我的命令,但事实证明最简单的解决方案是使用 Cloudbase-Init 用户数据来提供我的命令。最终的用户数据脚本最终看起来像这样:
rem cmd
net user opc /logonpasswordchg:no
我希望这对以后发现这个问题的人有所帮助。